DHS IG: TSA needs better net security

The Transportation Security Administration has improved its network security, but the agency still cannot ensure that critical computer network operations and data are protected from hackers and can be restored following an emergency, according to a new report from the Homeland Security Department's Office of the Inspector General.

TSA falls short in developing and implementing such processes as security testing, monitoring with audit trails, configuration and patch management, and password protection, the report said. Also, contingency plans have not been finalized or tested.

TSA shares information with airports through a WAN. But it lacks a comprehensive security testing program to ensure the integrity of that network, the report said.

While some vulnerability scans are performed monthly, TSA does not conduct penetration testing and password analysis, and does not test all devices connected to the network as recommended, the report said.

TSA officials agreed with the advice, according to the report.

To read the report, go to www.gcn.com and enter 487 in the GCN.com/box.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.